Because of the explosive growth of the Internet and the practical application of electronic transactions, the social need for encryption technology that provides confidentiality, prevention of alteration, and personal authentication in communication is increasing. Currently, common key systems such as the DES cipher and public key systems such as the RSA cipher are widely used. These systems are, however, designed on the basis of "computational security". In other words, the existing encryption systems remain under threat from advances in computer hardware and decryption algorithms. Practical realization of an encryption system that guarantees security in principle may have a significant impact on fields that require especially high security, for example, bank transactions and communication of military and diplomatic information.
The one-time-pad method is an encryption system that has been proved to exhibit unconditional security according to information theory. In the one-time-pad method, a disposable secret common key with the same length as the message is used. However, the one-time-pad method rests on the strict condition that two parties at remote locations share a perfectly matched secret common key, with no information leaked to a third party and on the assumption that no error occurs. Generally, this makes the method difficult to apply. Meanwhile, the condition in which two parties at remote locations share correlated initial random numbers, and in which information about them may be leaked to a third party, can be realized relatively easily. In fact, the sender and receiver share such random numbers using quantum cryptography, following the quantum communication, base collation and error probability estimation. Secret communication between two parties under this condition is highly demanded. Conventionally, the key distillation, including the quantum cryptography described later, is performed first, and then the secret communication with the one-time-pad method is performed using the resultant key.
As described above, key distillation is a process by which two parties, communicating appropriately with each other, generate a perfectly matched secret common key that leaks substantially no information to a third party. Error-correcting codes, such as the Reed-Solomon code and the LDPC code, are well known as a means of coping with communication in which errors occur with a certain probability. The use of an error-correcting code for key distillation is known (see Non-Patent Document 3).
Methods for obtaining the error ratio of the initial random numbers generated through quantum communication and the upper limit of the amount of information obtained by an eavesdropper have been researched in various studies on quantum cryptography. Accordingly, the initial random number generation unit, the device for estimating the error ratio of the initial random number, and the device for estimating the upper limit of the eavesdropped information amount are treated as background of the present invention.
The generally employed secret communication device uses the one-time-pad method, in which a key distillation device generates the secret common key from the initial random numbers of the sender and the receiver so that information can be transmitted from the sender to the receiver without leakage to a third party (see Non-Patent Document 2).
The configuration of the secret communication device used in the secret communication method of Non-Patent Document 2 will be described hereinafter.
FIG. 1 is a block diagram of a secret communication device as related art (Non-Patent Document 2) and FIG. 2 is a flowchart showing the secret communication method.
Referring to FIGS. 1 and 2, the secret communication device is formed of a key distillation section A and a one-time-pad secret communication section B. The key distillation section A includes initial random number generation units 1, 15, initial random number storage units 2, 16, transmission units 9, 28, public communication paths 10, 29, reception units 11, 30, common key generation units 24, 26, confidentiality increase matrix generation units 8, 18, a parity check matrix generation unit 25, an error correction code decoding function generation unit 21, an error ratio estimation unit 4, and an eavesdropped information amount estimation unit 19. The one-time-pad secret communication section B includes the transmission unit 28, the public communication path 29, the reception unit 30, an input unit 6, an output unit 20, an encryption unit 27, and a decryption unit 31. The error ratio estimation unit 4 and the eavesdropped information amount estimation unit 19 are provided on the sender side as an example; however, they may be provided on the receiver side.
The error ratio estimation unit 4 estimates the ratio of error which occurs in the initial random numbers shared by the sender S and the receiver R to determine an encoding ratio. The parity check matrix generation unit 25 preliminarily stores the encoding function corresponding to the error ratio value. The error correction code decoding function generation unit 21 preliminarily stores the decoding function corresponding to the error ratio. The eavesdropped information amount estimation unit 19 estimates the upper limit value of the amount of the information which may be eavesdropped by the eavesdropper. The confidentiality increase matrix generation units 8, 18 preliminarily store the confidentiality increase matrix uniquely determined by the eavesdropped information amount and the encoding ratio. The common key generation unit 24 of the sender S generates the common key based on the initial random number, the confidentiality increase matrix and the encoding function. The common key generation unit 26 of the receiver R generates the common key based on the initial random number, the confidentiality increase matrix, the decoding function, and the bit sequence sent from the sender S. According to Non-Patent Document 2, the initial random number generation units 1, 15, the error ratio estimation unit 4 and the eavesdropped information amount estimation unit 19 are configured by using the quantum communication.
Next, the operation of the secret communication device explained in Non-Patent Document 2 will be described.
The correlated initial random numbers are generated by the initial random number generation units 1, 15 of the sender S and the receiver R, respectively (step S1) and stored in the respective initial random number storage units 2, 16 (steps S2, S3). At the same time, the ratio of error which occurs in those random numbers (error ratio) is estimated by the error ratio estimation unit 4 (step S4). The parity check matrix generation unit 25 generates the encoded parity check matrix corresponding to the error ratio value estimated by the error ratio estimation unit 4 (step S5). The error correction code decoding function generation unit 21 generates the decoding function corresponding to the encoding using the error ratio estimation unit 4 (step S6). The eavesdropped information amount estimation unit 19 estimates the upper limit value of the amount of information with respect to the random number which may be eavesdropped by the eavesdropper (step S7). It is then determined whether or not the eavesdropped information amount is larger than the threshold value determined by the estimated error ratio (step S8). If the amount is larger than the threshold value, the process returns to the start and the initial random numbers are generated again. Meanwhile, if the amount is smaller than the threshold value, the confidentiality increase matrix generation units 8, 18 of the sender S and the receiver R generate the confidentiality increase matrices, respectively (steps S9, S10). The sender S operates the common key generation unit 24 to generate the common key determined by the initial random number, the confidentiality increase matrix, and the encoding function (step S11). The sender S operates the common key generation unit 24 to generate the information with respect to the syndrome required for the receiver R to generate the common key. The information is then transmitted through the public communication path 10 (step S12).
The receiver R uses the bit sequence sent from the sender S to allow the common key generation unit 26 to generate the common key from the initial random number, the confidentiality increase matrix, and the decoding function (step S13). This is the operation of the key distillation section A.
The operation of the one-time-pad secret communication section B will be described.
The sender S performs an XOR operation of the input information (step S14) and the common key to generate the ciphertext (step S15) using the encryption unit 27. The ciphertext is sent to the receiver R through the public communication path 29 (step S16). Then the receiver R performs an XOR operation of the received ciphertext and the common key to decrypt the ciphertext using the decryption unit 31 (step S17).
In Non-Patent Document 2, the common key generation unit 24 of the sender S is formed of the syndrome generation unit and the common key generation unit. Those components are collectively called the common key generation unit 24 here so that they can be compared with the present invention.
In Non-Patent Document 2, the common key generation unit 26 of the receiver R is formed of the syndrome decoding unit and the common key generation unit. Those components are collectively called the common key generation unit 26 here so that they can be compared with the present invention.
In the case of quantum cryptography, key distillation of the correlated random numbers is performed after the quantum communication, the base collation and the error ratio estimation to generate the secret common key (see Patent Document 2). Thereafter, the secret communication is normally executed using the generated secret common key.
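The flow of steps S8 to S17 above, as an added toy example in Python that is not code from this document or from Non-Patent Document 2. It assumes a Hamming(7,4) parity check matrix for the syndrome, a random binary matrix as the confidentiality increase matrix, and a simple key-length accounting for the threshold check; all function names are hypothetical.

```python
import secrets

# Assumption: parity check matrix of the Hamming(7,4) code. Column j is the
# binary form of j+1, so a single-bit error's syndrome names its position.
H = [[(j >> b) & 1 for j in range(1, 8)] for b in range(3)]

def matvec(M, v):
    """Matrix-vector product over GF(2)."""
    return [sum(m & x for m, x in zip(row, v)) % 2 for row in M]

def xor(a, b):
    return [p ^ q for p, q in zip(a, b)]

def sender_syndrome(x):
    """Step S12: syndrome information sent over the public path."""
    return matvec(H, x)

def receiver_correct(y, syndrome):
    """Step S13, first half: syndrome decoding of one flipped bit."""
    diff = xor(matvec(H, y), syndrome)         # equals H*e for error pattern e
    pos = diff[0] + 2 * diff[1] + 4 * diff[2]  # 0 means no error detected
    fixed = list(y)
    if pos:
        fixed[pos - 1] ^= 1
    return fixed

def key_length(n, syndrome_bits, leak_bits):
    """Step S8 (assumed accounting): bits left after the public syndrome
    and the estimated eavesdropped amount are subtracted."""
    return max(0, n - syndrome_bits - leak_bits)

def amplify(x, C):
    """Steps S11/S13: apply the shared confidentiality increase matrix."""
    return matvec(C, x)

def distill_and_send(x, y, message, leak_bits):
    """Run distillation, then the one-time pad; None means regenerate."""
    k = key_length(len(x), len(H), leak_bits)
    if k < len(message):
        return None                            # over threshold: back to S1
    # Assumption: a random matrix both sides agree on stands in for the
    # stored confidentiality increase matrix of steps S9/S10.
    C = [[secrets.randbelow(2) for _ in x] for _ in range(k)]
    key_s = amplify(x, C)
    key_r = amplify(receiver_correct(y, sender_syndrome(x)), C)
    ciphertext = xor(message, key_s)           # step S15
    return xor(ciphertext, key_r)              # step S17
```

Two flipped bits in one 7-bit block exceed what this code corrects, so the two keys would then differ and decryption would fail; a real system picks the code from the estimated error ratio, as in steps S4 to S6.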
The system for delivering interference quantum encryption key (Patent Document 1) and the method for delivering quantum key and communication device (Patent Document 2) have been disclosed.